Users are increasingly performing tasks using remote computing resources, often referred to as part of “the cloud.” This has many advantages, as users do not have to purchase and maintain dedicated hardware and software, and instead can pay for only those resources that are needed at any given time, where those resources typically will be managed by a resource provider. Users can perform tasks such as storing data to various types of resources offered by a resource provider, accessing the data, and performing various functions utilizing the data and/or services provided by the resource provider. An “identity” in the resource provider environment may define certain policies that govern access to such resources, such as what data and/or services a user assuming the identity may or more not access. Typically, such network accessibility is primarily protected using credentials such as username and password associated with the resource provider environment. Federated identities, such as client-side active directory (AD) credentials, may also be used to access the above-described resources. However, due to mapping constraints, difficulties may arise in which a user logged in through a federated identity may not be able to access all the resources needed to complete a task in the resource provider environment.